Since 2004, a source for ranting, reviews and InfoSec news

He noticed that the hardware address was listed on the retail packaging of an Apple server he just bought. Personally, I think that would be quite convenient. In a corporate environment, that may need to be updated in an asset tracking database. From the comments on the article, Apple isn’t the only vendor to do that.

Gewirtz might even have a point if he were talking about this information disclosure allowing access to internal company networks that use MAC addresses as a whitelist for devices.

Instead, Gewirtz is repeating out-of-date wireless security advice and generating a security concern from that. Gewirtz is concerned that if you were doing HW address filtering on your wireless network, and a bad guy saw your retail package (no, no Beavis-style chuckling), they would then be able to connect to your wireless network after defeating your wireless encryption.

That is actually an unfortunately phrased argument in his article: “Once allowed onto the network [via mac address spoofing], the intruder would simply have to begin the process of cracking your encryption.” Actually, the wireless attacker can sniff your traffic without a hardware address. When he sniffs the wireless traffic, he will find the hardware address in the clear (unencrypted). He/she didn’t need the retail packaging after all.

Stand down, Gewirtz. This is only an issue if:
1. You put your wireless security hopes in HW address filtering rather than WPA2.
2. Your computer uses the hardware address to generate the IPv6 address (most don’t, due to privacy concerns).

That would have been a better scare article. Maybe he should recycle that article as IPv6 gets more widely adopted.
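To check whether a host falls under point 2, the following added example (not part of the original post) shows how a modified EUI-64 IPv6 address is built from a hardware address and audits a list of addresses for ones that embed it. The function names are illustrative, and the MAC, prefix and addresses are constructed sample values.

```python
import ipaddress

def mac_to_eui64_iid(mac: str) -> bytes:
    """Modified EUI-64 interface identifier for a 48-bit MAC (RFC 4291, App. A)."""
    b = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC address")
    # Flip the universal/local bit, then insert ff:fe between the two halves.
    return bytes([b[0] ^ 0x02]) + b[1:3] + b"\xff\xfe" + b[3:]

def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Address a host forms from a /64 prefix when it derives the IID from its MAC."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 autoconfiguration needs a /64 prefix")
    return net[int.from_bytes(mac_to_eui64_iid(mac), "big")]

def embedded_mac(addr: str):
    """Return the MAC embedded in an EUI-64-shaped address, else None."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None  # randomized or opaque IID (privacy extensions and similar)
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{x:02x}" for x in mac)

def audit(addresses):
    """Map each address that exposes a hardware address to that address.

    A random IID contains ff:fe at this offset about once in 65536 cases,
    so confirm any hit against the interface's real MAC before acting on it.
    """
    hits = {}
    for a in addresses:
        mac = embedded_mac(a)
        if mac is not None:
            hits[a] = mac
    return hits

# Constructed sample data: documentation prefix and a made-up MAC.
SAMPLE = [
    "fe80::211:22ff:fe33:4455",          # link-local, EUI-64 derived
    "2001:db8:1:2:211:22ff:fe33:4455",   # global, EUI-64 derived
    "2001:db8:1:2:5c1e:9a7b:33d0:81f2",  # global, randomized IID
]

if __name__ == "__main__":
    print(slaac_address("2001:db8:1:2::/64", "00:11:22:33:44:55"))
    for addr, mac in audit(SAMPLE).items():
        print(f"{addr} exposes {mac}")
```

Feed `audit` the addresses configured on your own interfaces; any hit means that host advertises its hardware address in every packet it sends from that address.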